Historique de la page
...
Properties below are set in /properties/config.properties, they differ depending on the deployment mode.
See also : The user types (CAS, Shibboleth and application) are detailed at 00 Users
Portlet deployment
Users are authenticated:
- by the portal (in this case, the connected user's id is passed to the application through JSR-168 preferences).
- or by the application itself for external users (in this case, the portal runs as guest).
JSR-168 uid preference
.
Setting the allowed authentication methods
Setting the allowed authentication methods is done by setting the three following properties (default values below):
Bloc de code |
---|
auth.useCas=true
auth.useShibboleth=false
auth.useApplication=true |
CAS properties
When the CAS authentication is allowed, the following property must be set:
Bloc de code |
---|
cas.url=https://cas.domain.edu |
In servlet or quick-start deployments, the id authenticated user is retrieved from the HTTP session (set by the CAS J2EE filter).
In portlet deployments, the id of the authenticated user is passed from the portal to the portlet thanks to a JSR-168 preference (uid by default):
Bloc de code |
---|
Bloc de code |
#auth.portal.uidAttribute=uid |
Shibboleth properties
When the Shibboleth authentication is allowed, the properties to set depend on the deployment used.
Servlet
...
and quick-start deployments
Users are authenticated:
- by CAS (the connected user's id is retrieved by the CAS J2EE filter).
- or by the application itself for external users (in this case, the portal runs as guest).
Adresse du serveur CAS (required)
The id of the authenticated user is retrieved from a specific HTTP header:
Bloc de code |
---|
auth.shibbolethIdHeader=REMOTE_USER2 |
The attributes of the authenticated user are also retrieved from some HTTP headers:
Bloc de code |
---|
auth.shibbolethAttributeHeaders=Shib-InetOrgPerson-displayName,Shib-InetOrgPerson-givenName,Shib-InetOrgPerson-mail,Shib-Person-surname |
These attributes are stored in the application database.
Portlet deployments
The id of the authenticated user is passed by the portal to the portlet thanks to a JSR-168 preference:
Bloc de code |
---|
auth.portal.uidAttribute=uid |
The attributes of the authenticated user are also passed by the portal to the portlet thanks to JSR(168 preferences:
Bloc de code |
---|
auth.portal.attributes=displayName,mail |
Passing such attributes may require some changes at portal-level.
...